Celebrities are a perfect target for hackers -- they're highly visible, spend lots of time on their smartphones and they know next to nothing about security. It's no wonder they're often victimized by hackers -- from lone hackerazzis like the alleged Christopher Chaney to hacker groups like the Anonymous offshoot 'Hollywood Leaks.'
But how do these hackers actually hack a cell phone?
Many people seem to think it requires a great deal of computer skill to hack a phone; that you have to be some type of hacker mastermind. But the reality is, it's not that hard.
Here are a few ways:
# 1 -- Physical Access to the Phone -- Obviously, if a person can get physical access to a cell phone, even for a few seconds, it's game over. The person can clone it, place a remote spying tool on the phone or download the pictures and information directly to their own account.
TIPS -- Make sure your phone has a strong password lock to prevent unauthorized access. Sign up for a mobile phone recovery service -- like Where's My Droid, Find My iPhone, McAfee's WaveSecure, etc. -- that offers GPS tracking, remote freeze and remote wiping in case the phone is ever lost or stolen.
#2 -- Hacking Email, Twitter and Apps -- Most celebrities are hacked through email, Twitter and other accounts that they use on their phones. This is what happened to Scarlett Johanson, Kreayshawn, Mila Kunis and Christina Aguillera, among others -- and it may also be the reason for the more recent hacks on Heather Morris and Christina Hendricks.
Hackers get in by guessing a weak password or bypassing the password altogether by answering a series of cognitive security questions such as mother's maiden name or what high school they attended. This technique is what is alleged to have been used by Chris Chaney and Hollywood Leaks.
To beat a password, hackers can use special password cracking programs that attempt to "dictionary attack" or "brute force" the account, or they can simply do their homework on the celebrity and use that to guess the passphrase or security questions. Once the hacker gets in to one account, especially email, he can use it to get into other accounts (for example, request the Twitter password reminder be sent to Gmail or other web-based email account).
TIPS -- Use a unique password for each online account. Make sure it's at least 10 characters long and doesn't make up a real word -- use letters, numbers and symbols. Give fake answers to the security questions to make it hard for others to guess. To be extra safe, consider using "two-factor authentication" and PGP encryption with the email account as well.
#3 -- Social Engineer the Phone Company -- In 2005, hackers stole nude pictures of Paris Hilton by getting access to her T-Mobile Sidekick II, a precursor to today's smartphones. How did they do it? They impersonated a T-Mobile support tech over the phone and tricked T-Mobile employees into giving them access to the carrier's intranet site that contained a list of user accounts, which allowed them to reset the password to her account and steal photos and contacts. Today, there's still a risk hackers could reset accounts or permissions by conning the phone company, but it's more likely they'll simply target a person's accounts directly online.
TIPS -- Check your online phone accounts periodically to make sure there haven't been any unauthorized changes.
#4 -- Wi-Fi Spies -- Movie stars do a lot of traveling, and while they're roaming about they're often connecting their phones to open Wi-Fi networks -- whether it's at the airport, hotel or Starbucks. This puts them at greater risk of being hacked. Using public Wi-Fi puts all of your online accounts, Internet searches, emails and usernames/passwords out in the open where they can be read, copied and hacked by any person with moderate computer skills. In fact, there are special tools available online that do this.
TIPS -- Don't use public Wi-Fi. Stick with 3G or 4G service, as it's harder to hack. If you must use a public wireless network, only use websites or apps from your phone that offer encryption ('https' in the address bar) and don't save your passwords in a cache. Even better, setup a virtual private network (VPN) that will encrypt your online activity no matter where you are.
#5 -- Spyware -- Stars who spend a lot of time using open Wi-Fi and chatting with friends or followers on social networks and clicking on shared links are also at risk of spyware. Spyware is malicious software that can infect your phone in order to record the things you type -- like usernames and passwords -- and it can also be used to steal items from your phone, like photos, contacts and banking data. "FakeToken" is one example of spyware that is currently being found on some Android phones. There's a good chance some celebrity phones have been infected by spyware.
TIPS -- Don't use public Wi-Fi. Don't click on suspicious links, whether they're in email, text messages or tweets.
The bottom line is that most celebrities fall victim to hacks because they use weak passwords and share too much information -- and images -- through easily hacked accounts. A few basic precautions would fix the problem for many of them; hopefully they'll learn their lesson.
Follow Michael Gregg on Twitter: www.twitter.com/TheSolutionFirm